chore(deps): update dependency google-cloud-aiplatform to v1.133.0 [security]

[renovate-bot]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
google-cloud-aiplatform	==1.64.0 → ==1.133.0
google-cloud-aiplatform	==1.57.0 → ==1.133.0
google-cloud-aiplatform	==1.62.0 → ==1.133.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

---

Release Notes

googleapis/python-aiplatform (google-cloud-aiplatform)

v1.133.0

Compare Source

Features

• Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
• GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
• GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
• Support Developer Connect in AE (04f1771)

Bug Fixes

• Add None check for agent_info in evals.py (c8c0f0f)
• GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
• Make project_number to project_id mapping fail-open. (f1c8458)
• Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
• Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
• Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
• Return embedding metadata if available (d9c6eb1)
• Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

v1.132.0

Compare Source

Features

• Add Lustre support to the Vertex Training Custom Job API (71747e8)
• Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

• A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
• A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

v1.131.0

Compare Source

Features

• Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
• GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
• Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

• Fix RagManagedVertexVectorSearch when using backend_config (df0976e)
• GenAI Client(evals) - patch for vulnerability in visualization (8a00d43)

v1.130.0

Compare Source

Features

• A new field min_gpu_driver_version is added to message .google.cloud.aiplatform.v1beta1.MachineSpec (26dfdfe)
• Adding RagManagedVertexVectorSearch Vector DB option for RAG corpuses to SDK (da79e21)
• Expose FullFineTunedResources for full fine tuned deployments (26dfdfe)
• Expose zone when creating a FeatureOnlineStore (26dfdfe)
• GenAI Client(evals) - Add support to local agent run for agent eval (30e41d0)
• GenAI SDK client(memory): Add PurgeMemories (95eb10f)
• Introduce RagManagedVertexVectorSearch as a new vector db option (26dfdfe)

Documentation

• Update ReplicatedVoiceConfig.mime_type comment (26dfdfe)
• Update ReplicatedVoiceConfig.mime_type comment (26dfdfe)

v1.129.0

Compare Source

⚠ BREAKING CHANGES

• An existing field transfer_to_agent is removed from message .google.cloud.aiplatform.v1beta1.EventActions
• updating bigtable_metadata field name in FeatureOnlineStore
• updating enableDirectBigtableAccess field name in FeatureOnlineStore`
• updating bigtable_metadata field name in FeatureView

Features

• Add gpu_partition_size in machine_spec v1 api (e0bc3d8)
• Add ReplicatedVoiceConfig to VoiceConfig to enable Gemini TTS voice replication (e0bc3d8)
• Add ReplicatedVoiceConfig to VoiceConfig to enable Gemini TTS voice replication (e0bc3d8)
• Add EmbedContent method v1 (e0bc3d8)
• Add EmbedContent method v1beta1 (e0bc3d8)
• Add FunctionResponsePart and excluded_predefined_functions in ComputerUse (e0bc3d8)
• Add FunctionResponsePart and excluded_predefined_functions in ComputerUse (e0bc3d8)
• Add new fields SUCCESSFULLY_DEPLOYED and FAILED_TO_DEPLOY to DeploymentStage (e0bc3d8)
• Add new fields SUCCESSFULLY_DEPLOYED and FAILED_TO_DEPLOY to DeploymentStage (e0bc3d8)
• Add order_by to list_events (e0bc3d8)
• Add support for developer connect based deployment (e0bc3d8)
• Add support for developer connect based deployment (e0bc3d8)
• Continuous Tuning (e0bc3d8)
• Enable Vertex Model Garden Managed OSS Fine Tuning. (26b7e51)
• GenAI Client(evals) - Add location override parameter to run_inference and evaluate methods (b867043)
• GenAI Client(evals) - support setting autorater generation config for predefined rubric metrics (9304f15)
• GenAI SDK client(multimodal) - Support Assess Tuning Resource for multimodal dataset. (bc26160)
• GenAI SDK client(sessions): Add label to Sessions (837c8ea)

Bug Fixes

• Add OTel cloud.provider attribute to AdkTemplate (7d3bcdd)
• Add support for app in _init_session (d9f6c58)
• An existing field transfer_to_agent is removed from message .google.cloud.aiplatform.v1beta1.EventActions (e0bc3d8)
• Correlate traces with logs in Cloud Trace panel on adk deploy agent_engine (9301551)
• Enable from vertexai.types import TypeName without needing to run from vertexai import types first (46285bf)
• Enable from vertexai.types import TypeName without needing to run from vertexai import types first (f4a6cbe)
• Gen AI SDK client - Fix bug in GCS bucket creation for new agent engines. (8d4ce38)
• GenAI SDK client(eval) - Reorder the params to put the Config param at the last place. (e8b12cb)
• Save artifact in init_session (2a43e9b)
• Update default input and output modes in create_agent_card (7ca4226)
• Updating bigtable_metadata field name in FeatureOnlineStore (e0bc3d8)
• Updating bigtable_metadata field name in FeatureView (e0bc3d8)
• Updating enableDirectBigtableAccess field name in FeatureOnlineStore` (e0bc3d8)

Documentation

• A comment for field filter in message .google.cloud.aiplatform.v1beta1.ListSessionsRequest is changed (e0bc3d8)
• A comment for field package_spec in message .google.cloud.aiplatform.v1.ReasoningEngineSpec is changed (e0bc3d8)
• A comment for field package_spec in message .google.cloud.aiplatform.v1beta1.ReasoningEngineSpec is changed (e0bc3d8)
• A comment for message ReasoningEngineSpec is changed (e0bc3d8)
• A comment for message ReasoningEngineSpec is changed (e0bc3d8)
• Fix idle_scaledown_period minimum from 3600 to 300 (5 minutes) (e0bc3d8)
• Remove comments for a non public feature (e0bc3d8)

Miscellaneous Chores

• Release 1.129.0 (89db338)

v1.128.0

Compare Source

Features

• GenAI Client(evals) - Add pass_rate to AggregatedMetricResult and calculate it for adaptive rubric metrics. (1f1f67e)
• GenAI SDK client - Support build options in Agent Engine GCS Deployment. (28499a9)
• GenAI SDK client - Support build options in Agent Engine source-based Deployment. (f7e718f)
• GenAI SDK client(multimodal) - Support Assemble feature on the multimodal datasets. (2195411)

Bug Fixes

• Fix the change runner behavior back to sync function in streaming_agent_run_with_events (e9d9c31)
• GenAI Client(evals) - fix eval visualizations in Vertex Workbench (c3abe51)
• GenAI Client(evals) - Reformat codebase 1. Remove duplicated code in _evals_utils and _evals_metric_loader 2. Keep metric utils in _evals_metric_loader and data util in _evals_utils (5f3c655)

v1.127.0

Compare Source

Features

• Reenable VertexAiSession for streaming_agent_run_with_events (d3b12d5)

Bug Fixes

• Forward reference resolution in Pydantic schema generation. (0013865)
• GenAI Client(evals): Long traces do not scroll (3a99664)

Documentation

• Add vertexai.types module to generated docs (fc83569)

v1.126.1

Compare Source

Bug Fixes

• Add telemetry enablement env for agent engines deployed using module (e64ff28)

v1.126.0

Compare Source

Features

• Default to "unspecified" for telemetry enablement (3ca65cb)
• GenAI Client(evals) - Add loading agent info util function (acb6cab)
• GenAI Client(evals): Add warning message when tool usage is empty for tool_use_quality (531d223)

Bug Fixes

• Populate missing auth_id for _init_session into adk session.state (37fa3ce)

v1.125.0

Compare Source

⚠ BREAKING CHANGES

• Switch tracing APIs in preview AdkApp.
• Switch cloudtrace.googleapis.com to telemetry.googleapis.com for tracing API.

Features

• Add reservation affinity support to preview BatchPredictionJob (c8f38a0)
• Add support for Vertex Express Mode API key in AdkApp (05834cb)
• Add the identity type option for the agent engine and add effective identity to the resource (bf1851e)
• Alow VertexAiSession for streaming_agent_run_with_events (13faa27)
• GenAI Client(evals) - Add retry to predefine metric (9a46e67)

Bug Fixes

• GenAI Client(evals) - Change dataset visualization table to fixed to prevent horizontal expansion. (7a5a066)
• GenAI Client(evals) - Remove requirement for agent_info.agent in create_evaluation_run in Vertex AI GenAI SDK evals. (d02a7da)
• GenAI Client(evals) - Support direct pandas DataFrame dataset in evaluate() (a917122)
• Revert: Alow VertexAiSession for streaming_agent_run_with_events (7c8c218)

Miscellaneous Chores

• Release 1.125.0 (d344858)
• Switch cloudtrace.googleapis.com to telemetry.googleapis.com for tracing API. (c81f912)
• Switch tracing APIs in preview AdkApp. (27ef56b)

v1.124.0

Compare Source

⚠ BREAKING CHANGES

• GenAI SDK client - Enabling new data driven prompt optimization for prompts from Android API by passing

Features

• GenAI SDK client - Enabling new data driven prompt optimization for prompts from Android API by passing (4216790)

Bug Fixes

• GenAI Client(evals) - Apply sync function for agent run (8a20349)
• GenAI Client(evals) - Support EvaluationDataset output from run_inference as input dataset in create_evaluation_run in Vertex AI GenAI SDK evals (741c6ad)
• GenAI Client(evals) - Update send online eval service request default value and avoid None value (09bf9a9)

Miscellaneous Chores

• Release 1.124.0 (35ac4c5)

v1.123.0

Compare Source

Features

• Add initial support for Python v3.14 (4618729)
• Add more attributes to OTel resource for ADK tracing (5aaa60e)
• Add Python 3.13 Kokoro run config (57d2709)
• Add support for app input in AdkApp template (10ca56f)
• Add support of google-cloud-storage v3 dependency (85cbb75)
• Disable prompt/response content in ADK spans if telemetry env is set (be5d1f5)
• GenAI Client(evals) - Add agent data to EvaluationRun show in Vertex AI GenAI SDK evals (d62afc3)
• GenAI SDK client - add context management to AsyncClient (8075e60)
• GenAI SDK client - Enabling zero-shot prompt optimization for prompts from Android API by passing optimization_target=vertexai.types.OptimizeTarget.OPTIMIZATION_TARGET_GEMINI_NANO in the config (92d8b2a)
• GenAI SDK client (Multimodal Dataset) - Create a multimodal dataset from Big Query. (d4e211d)
• GenAI SDK client(memory): Add extracted memories to MemoryRevision resources (2267d58)
• GenAI SDK client(memory): Add filter to RetrieveMemories (2267d58)
• GenAI SDK client(memory): Add Memory Topic labels to Memory (de941a6)
• GenAI SDK client(multimodal) - Add get/update/list/delete to multimodal datasets. (34996a2)
• GenAI SDK client(multimodal) - Add public get/update/delete methods to multimodal datasets. (6737a70)
• Support Inline Source Deployment in Agent Engine (9ae5f35)

Bug Fixes

• Allow both camelCase and snake_case in _StreamRunRequest (6a6674d)
• Clone agent_framework attribute in ModuleAgent.clone() (81f8c40)
• GenAI Client(evals) - fix hallucination visualization (a52da0b)
• GenAI Client(evals) - fix visualization (67f9099)
• GenAI SDK client - Fix log showing how to get an Agent Engine. Positional arguments are not allowed. (0fc74de)
• Remove unnecessary pandas import from multimodal datasets preview module. (5dd51a2)

Documentation

• Add docstring for classes and fields that are not supported in Gemini or Vertex API (cd99635)
• Add docstring for enum classes that are not supported in Gemini or Vertex API (db364ab)

v1.122.0

Compare Source

Features

• Add STZ support for Endpoint.deploy and Model.deploy (preview). (7dd2629)
• Add support for Python v3.13 (db286c4)
• Add support for telemetry env enablement and logging setup in default instrumentor. (a26171c)
• Allow Memory Revisions to be disabled (cf0948f)
• Disable request/response content in custom ADK spans on Agent Engine in case there's no explicit consent (dc5dcc7)
• GenAI Client(evals) - Add create_evaluation_set and create_evaluation_item methods to Vertex AI GenAI SDK evals (83553a9)
• GenAI Client(evals) - Add evaluation_df input support to create_evaluation_run method in Vertex AI GenAI SDK evals (7a1262b)
• GenAI Client(evals) - Add inference_configs to create_evaluation_run method in Vertex AI GenAI SDK evals (5b5e6bd)
• GenAI Client(evals) - Add labels to EvaluationRun in Vertex AI GenAI SDK evals (67cf80b)
• GenAI Client(evals) - Add metrics to create_evaluation_run method in Vertex AI GenAI SDK evals (ce35218)
• GenAI Client(evals) - Add agent eval data converter evals (cd61c86)
• GenAI Client(evals) - Add Detailed View to show method for EvaluationRun for Vertex AI GenAI SDK evals (dc16065)
• GenAI Client(evals) - Register hallucination and tool_usage_quality metrics for agent eval (7ae013e)
• GenAI Client(evals) - Update agent eval evaluation report dashboard (e2aa3eb)
• GenAI SDK client - Add TTL support for Agent Engine Code Execution (9d139eb)
• GenAI SDK client: Add async Memory and Memory Revisions methods (55b7c23)
• GenAI SDK client(evals) - Add agent run in run_inference (8b9ed04)
• GenAI SDK client(evals) - Add predefined metrics for Gecko text-to-image and text-to-video evaluations (b05e5b3)
• GenAI SDK client(evals) - Update evaluate function to enable agent_info (d13b230)
• GenAI SDK client(evals) Send agent eval request to EvaluateInstance (87ea594)
• Support TTL (per Memory Bank and per-request) for Memory Revisions (cf0948f)

Bug Fixes

• GenAI Client(evals) - Support multiple metrics in Detailed View show method for EvaluationRun for Vertex AI GenAI SDK evals (3ac82ea)
• GenAI SDK (prompts) - Fix bug where passing encryption_spec to prompts.create raised an error (f0a4a00)

v1.121.0

Compare Source

⚠ BREAKING CHANGES

• remove deprecated transfer_to_agent parameter

Features

• A new message ScaleToZeroSpec is added (62ea30a)
• Add additional proto fields and GenerateFetchAccessToken API (62ea30a)
• Add aspect_ratio and image_config for v1 version (62ea30a)
• Add aspect_ratio and image_config for v1beta1 version (62ea30a)
• Add async methods for Sessions and Session Events (ac6e0b4)
• Add JAILBREAK as a new Prompt block reason in PredictionService (62ea30a)
• Add JAILBREAK category to SafetySettings for prediction service (62ea30a)
• Add JAILBREAK category to SafetySettings for prediction service (62ea30a)
• Add labels field for Predict API for Imagen use case (v1beta and v1) (62ea30a)
• Add ListOperations partial success flag (62ea30a)
• Add ListOperations unreachable resources (62ea30a)
• Add matching engine deployment tier parameter and new shard size (ffe9cde)
• Add resource attributes and GenAI instrumentation to default instrumentator in ADK VAE template (f0dc877)
• Add support for Inline source based deployment (62ea30a)
• Add support for Inline source based deployment (62ea30a)
• Add support for Python 3.14 (62ea30a)
• GenAI SDK client - Update input handling inside code execution sandbox (9a452cc)
• GenAI SDK client(evals) Update data model for agent evaluation (4ca9fcc)
• Initial implementation of the SDK for Memory Revisions (b91b63c)
• Support for explicitly providing class_methods in Agent Engine config. (af8c898)
• Updated Observability GenAI data format converter for JSONL (00e57de)

Bug Fixes

• Adding google internal import rule for vertex service to adk app (0d1240e)

Miscellaneous Chores

• Release 1.121.0 (8b2eed8)
• Remove deprecated transfer_to_agent parameter (71a7832)

v1.120.0

Compare Source

Features

• Add ability to use existing sessions for streaming_agent_run_with_events calls. (0a369ea)
• Add DeploymentTier enum to DeployedIndex (89a26c1)
• Add labels field for Predict API for Imagen use case (v1beta) (89a26c1)
• Auto-generated CL for //google/cloud/aiplatform:aiplatform_v1_public_proto_gen (89a26c1)
• Expose PSC for CustomModel (d02099c)
• GenAI Client(evals) - Add get_evaluation_set and get_evaluation_item methods to Vertex AI GenAI SDK evals (7757886)
• GenAI Client(evals) - Add show method for EvaluationRun class in Vertex AI GenAI SDK evals (0c932b9)
• Migrate vertex ai session service to use agent engine sdk (b72df1c)
• Migrate vertex_ai_session_service to use Agent Engine SDK (55b54a2)
• Migrate vertex_ai_session_service to use Agent Engine SDK (03772e2)

Bug Fixes

• GenAI Client(evals) - Parse user defined rubrics correctly to LLM metric (64b0665)

Documentation

• Fix Sessions SDK docstrings (0077bde)

v1.119.0

Compare Source

Features

• GenAI Client(evals) - Add EvaluationResults to get_evaluation_run method response in Vertex AI GenAI SDK evals (f07ecc3)
• GenAI SDK client (prompt management): Release Prompts module to GA (3394028)

v1.118.0

Compare Source

⚠ BREAKING CHANGES

• GenAI SDK client (prompt management) - Split create into two methods, create() and create_version()
• GenAI SDK client (prompt management) - Split get into two methods, get() and get_version()
• GenAI SDK client (prompt management) - Rename list methods to list() and list_versions()
• GenAI SDK client (prompt management) - Rename delete methods to delete() and delete_version()
• GenAI SDK client (prompt management) - Rename prompt_management module to prompts

Features

• Add enable_widget option in Google Maps and additional grounding information (0722687)
• Add filter option for deploy configuration in Model Garden deploy SDK (ac33e87)
• Add Model Garden deploy SDK select verified config guide. (36a5bbc)
• Add private_model_server_enabled to in Endpoint.proto (0722687)
• Add Validation mode in FunctionCallingConfig (0722687)
• Add Validation mode in FunctionCallingConfig (0722687)
• GenAI Client(evals) - Add create_evaluation_run method to Vertex AI GenAI SDK evals (7db9b4f)
• GenAI Client(evals) - Add get_evaluation_run method to Vertex AI GenAI SDK evals (bbbadbc)
• GenAI SDK client (prompt management) - Rename delete methods to delete() and delete_version() (d52ed42)
• GenAI SDK client (prompt management) - Rename list methods to list() and list_versions() (d52ed42)
• GenAI SDK client (prompt management) - Rename prompt_management module to prompts (d52ed42)
• GenAI SDK client (prompt management) - Split create into two methods, create() and create_version() (d52ed42)
• GenAI SDK client (prompt management) - Split get into two methods, get() and get_version() (d52ed42)
• GenAI SDK client(evals) Add data model for agent evaluation (d3ef487)
• PSC support for custom weights deploy (0722687)
• Tuning PreTunedModel API field (0722687)

Bug Fixes

• Mitigate breaking change in GenAI SDK for ADK on AgentEngine (9fa50aa)
• Relax the type annotations to avoid issues with pydantic when deploying (7a6a2f5)
• Remove the upperbound on google-genai for AgentEngine (74726f3)

Documentation

• A comment for field dedicated_endpoint_disabled in message .google.cloud.aiplatform.v1beta1.DeployRequest is changed (0722687)
• Remove legacy internal lint directives (0722687)
• Update the comment for ANY mode in FunctionCallingConfig. (0722687)
• Update the comment for ANY mode in FunctionCallingConfig. (0722687)

Miscellaneous Chores

• Release 1.118.0 (a67a795)

v1.117.0

Compare Source

Features

• Expose user reservation for CustomModel (f796e74)
• Gen AI SDK client - add experimental restore_version method to Prompt Management (820e0b6)

Documentation

• Add generated docs for Gen AI Modules (c3c2f7f)

v1.116.0

Compare Source

Features

• Add experimental async list_prompts and list_version methods to prompt management (13a626b)
• GenAI SDK client - add experimental async delete_prompt and delete_version method to Prompt Management (45e616a)
• Update gapic utils to allows creating RAG clients with api_override (9851905)

Bug Fixes

• GenAI Client(evals) - Add support for context in Grounding metric (e75d91f)
• Pass plugins to the Runner in ADK template. (b43b7b4)

Documentation

• Update AgentEngine with ADK template to the version in GA (0d600fd)

v1.115.0

Compare Source

⚠ BREAKING CHANGES

• The optimize_prompt method no longer returns the parsed response directly. Code must be updated to access the .raw_text_response or .parsed_response attribute on the new return object.

Features

• Add has_template_config to MultimodalDataset. (97a6e71)
• GenAI SDK client - add experimental async create_version and get methods to prompt management (d8de037)
• GenAI SDK client - Add experimental delete_prompt() and delete_version() methods to Prompt Management (3f7f976)
• GenAI SDK client - Modify optimize_prompt to return raw and parsed responses. (415cf26)
• GenAI SDK client -- add support for user defined labels for ReasoningEngine (002b441)
• Update list_deploy_options api for Vertex AI Model Garden custom model to support filtering by machines that user has quota for. (540e9e0)

Bug Fixes

• GenAI Client(evals) - Improve LiteLLM model completion response parsing (ff55a48)
• Update definition of async_add_session_to_memory to not depend on Session (dc9a5da)

Documentation

• Add Agent Engine with ADK examples to README. (c74305b)
• Streamline installation section in README and add uv package installation command (bf91a55)

Miscellaneous Chores

• Release 1.115.0 (bcf9ce0)

v1.114.0

Compare Source

Features

• GenAI SDK client - Add experimental list_prompts() and list_versions() methods to Prompt Management (18a5559)

Bug Fixes

• GenAI SDK client - Add agent_server_mode arg to AgentEngineConfig and pass it to API request if present. (1f821fd)

v1.113.0

Compare Source

Features

• GenAI - Added GPT, Qwen, and DeepSeek models support in GenAI batch prediction (cdd73d2)
• GenAI Client(evals) - Add support for Vertex Model Garden MaaS models. (751cb18)

Bug Fixes

• GenAI Client(evals) - Update data handling for adaptive rubric multi-turn evaluation metrics (c511490)

v1.112.0

Compare Source

Features

• GenAI SDK client - Add A2A support in Agent Engine (d500945)
• GenAI SDK client - Add Observability GenAI data format converter for evals (0665566)
• GenAI SDK client - Add orderBy to ListMemories (c6872f0)
• GenAI SDK client - Add support for loading evaluation datasets from Observability GCS sources (bfcccc9)
• GenAI SDK client - Add the service account option for the agent engine (219c33f)
• Adding gpu_partition_size parameter to Model.deploy() method. (966c236)
• Change gpu_partition_size type hint to str. (910016d)
• GenAI SDK client - Add api_key parameter to vertexai.Client (a9ffc60)
• GenAI SDK client - Add experimental prompt_management module with create_version and get methods (d5a14ba)
• GenAI SDK client - Add live/bidi agent deployment support for Agent Engine (74e3f25)
• GenAI SDK client - Add sandbox code execution SDK support (74e52d9)
• GenAI SDK client - Remove experimental warning from agent_engines module (42c3c9c)
• GenAI SDK client - Support bidi stream query in agent engines and ADK template. (456249e)

Bug Fixes

• Allow for inheritance of clone behavior in AdkApp (e5ced93)
• GenAI SDK client - Decrease polling interval for GenerateMemories and CreateS

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a critical security and feature upgrade for the google-cloud-aiplatform Python client library. By updating to v1.133.0, it resolves a significant security vulnerability (CVE-2026-2473) and introduces a vast array of new functionalities, particularly within the Generative AI SDK. This update ensures the project benefits from the latest advancements in Google Cloud's AI platform, offering improved performance, expanded capabilities, and enhanced security posture.

Highlights

• Security Update: This pull request addresses CVE-2026-2473 by updating the google-cloud-aiplatform dependency to v1.133.0. This vulnerability previously allowed unauthenticated remote attackers to achieve cross-tenant remote code execution, model theft, and poisoning in Vertex AI Experiments.
• Major Dependency Upgrade: The google-cloud-aiplatform library has been significantly upgraded from versions 1.57.0, 1.62.0, and 1.64.0 to 1.133.0, incorporating a large number of new features, bug fixes, and API enhancements.
• Extensive GenAI SDK Enhancements: Numerous new capabilities have been introduced across the GenAI SDK clients, including advanced prompt optimization (few-shot, zero-shot), comprehensive memory management (third-person memories, purging, revisions), expanded multimodal dataset support, and a wide array of evaluation metrics and tools for agent performance.
• API and Developer Experience Improvements: The update includes new API fields and methods, support for Python 3.13 and 3.14, enhanced observability and telemetry features, and more flexible deployment options for Agent Engines and models. Several breaking changes related to prompt management and tracing APIs are also part of this extensive update.

Changelog

• dataflow/gemma-flex-template/requirements-test.txt
  • Updated google-cloud-aiplatform from 1.62.0 to 1.133.0.
• dataflow/run-inference/requirements-test.txt
  • Updated google-cloud-aiplatform from 1.57.0 to 1.133.0.
• gemma2/requirements.txt
  • Updated google-cloud-aiplatform[all] from 1.64.0 to 1.133.0.

Activity

• This pull request was automatically generated by renovate-bot to update the google-cloud-aiplatform dependency.
• The automerge feature is disabled, requiring a manual merge once satisfied with the changes.
• Rebasing is set to 'Never' unless explicitly triggered by checking the rebase/retry checkbox.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the google-cloud-aiplatform dependency across several requirements-test.txt and requirements.txt files to version 1.133.0. This update is important as it addresses a security vulnerability (CVE-2026-2473) related to predictable bucket naming in Vertex AI Experiments, which could lead to cross-tenant remote code execution, model theft, and poisoning. The changes are straightforward dependency version bumps, and no further action is needed beyond merging this update to incorporate the security fix and new features.